Jeep Wrangler on 2040-cars

Auto blog

How to update and secure a vulnerable Chrysler Uconnect system

If you own one of the 1.4 million vehicles affected by the recent Chrysler software recall, you may want to watch this video. In it, we explain how to get the latest infotainment software loaded onto the 8.4-inch Uconnect system. The recall was a response to the findings of researchers who were able to hack into and remotely control a 2014 Jeep Cherokee through its cellular connection. Although Fiat Chrysler has worked with Sprint to plug most of the holes on the carrier side, there are still some vulnerabilities that only this latest software version can patch. Owners have three options to get the update: download it now, wait for a USB stick in the mail, or take the vehicle to an FCA dealer. Chrysler will be sending USB sticks loaded with the software update to customers. Anyone with an internet connection and a USB stick of their own with at least 4 GB capacity can speed things up by downloading the patch from the Uconnect website. We cover that process from start to finish in the video, with the final portion still applicable to those using the FCA-supplied USB stick. If after watching this you still don't want to tackle the patch yourself, you can take your vehicle to the dealer to have it done. Also note that this process is the same for all Uconnect updates, not just the one patching the exploits. Our demonstrator vehicle is a 2015 Ram 1500 pickup. The procedure should be very similar on other products with the 8.4-inch Uconnect system, with only the location of the USB port varying. Once you have the USB stick with the software on it – either after having downloaded it yourself or receiving it in the mail from Chrysler – the installation process is relatively simple. It takes about 15 minutes to perform the update; we edited out the wait in the video. To check whether or not your car's 8.4-inch Uconnect system is running the latest software, go to System Information on the touch screen's Settings page and look at Software Version. The update related to the recall is version 15.17.5. Related Video: Recalls Chrysler Dodge Jeep RAM Safety Technology Infotainment Videos Original Video hacking

Feds chastise Marchionne over Jeep recall, only 13% repaired so far

Following the significant outcry surrounding the General Motors and Takata airbag safety crises this year, the National Highway Traffic Safety Administration seems to be taking a much more aggressive role in pushing owners to repair their recalled vehicles. In the agency's latest move, it's urging Jeep drivers to get their models fixed. Acting NHTSA administrator David Friedman even sent a letter to Fiat Chrysler Automobiles CEO Sergio Marchionne pressing him to get more of the SUVs fixed. The problem goes back to the recall of the 2002-2007 Liberty and 1993-1998 Grand Cherokee because of the possibility for the fuel tank to rupture in some rear crashes. The campaign affected over 1.5 million vehicles, but Chrysler initially refused NHTSA's request for a repair campaign. The automaker eventually came up with a fix that involved adding a trailer hitch to provide extra protection to the tank. The feds believe the danger "will be reduced by the remedy now offered by Chrysler," according to the statement. However, this latest push comes out of NHTSA's concern that only three percent of the affected vehicles are repaired, although Chrysler maintains some 13.4 percent have actually been fixed. The agency is asking the automaker to reach out to owners "proactively," and get them to bring the Jeeps in dealers. According to the the feds' statement, the company "has nearly 400,000 parts available" to perform the fixes, and it's still producing more. Friedman's letter to Marchionne goes even further, alleging NHTSA has received reports that dealers are turning customers away who request the recall. He asks the CEO to prove within 15 days that these claims are false. "Given the low rates of repair that Chrysler has reported more than a year after the recall, significantly more aggressive steps are required," says a portion of the note. According to The Detroit News, Chrysler has subsequently promised to speed up the recall work, vowing that all dealers will have at least 12 repair kits in stock by Monday. Further, it has announced plans to ramp up its notification campaign with Facebook ads and public service announcements. Scroll down to read NHTSA's full statement on the matter, and Friedman's letter to Marchionne can be read in PDF format, here.

Feds fretting over remote hack of Jeep Cherokee

A cyber-security gap that allowed for the remote hacking of a Jeep Cherokee has federal officials concerned. An associate administrator with the National Highway Traffic Safety Administration said Thursday that news of the breach conducted by researchers Chris Valasek and Charlie Miller had "floated around the entire federal government." "The Homeland Security folks sent out broadcasts that, 'Here's an issue that needs to be addressed,'" said Nathaniel Beuse, an associate administrator with the National Highway Traffic Safety Administration. Valasek and Miller commandeered remote control of the Cherokee through a security flaw in the cellular connection to the car's Uconnect infotainment system. From his Pittsburgh home, Valasek manipulated critical safety inputs, such as transmission function, on Miller's Jeep as he drove along a highway near St. Louis, MO. The scope of the remote breach is believed to be the first of its kind. The prominent cyber-security researchers needed no prior access to the vehicle to perform the hack, and the scope of the remote breach is believed to be the first of its kind. A NHTSA spokesperson said the agency's cyber-security staff members are "putting their expertise to work assessing this threat and the response, and we will take action if we determine it's necessary to protect safety." A Homeland Security spokesperson referred questions about the hack to Chrysler. Fiat Chrysler Automobiles has already been the subject of a federal hearing this month, in which officials scrutinized whether the company had adequately fixed recalled vehicles and repeatedly failed to notify the government about defects. But cyber-security concerns are a new and different species for the regulatory agency. Only hours before the Jeep hack was announced by Wired magazine earlier this week, NHTSA administrator Dr. Mark Rosekind said hacking vulnerabilities were a threat to privacy, safety, and the public's trust with new connected and autonomous technologies that allow vehicles to communicate. NHTSA outlined its response to the cyber-security challenges facing the industry in a report issued Tuesday. In it, the agency summarized its best practices for thwarting attacks and said it will analyze possible real-time infiltration responses. But the agency's ability to handle hackers may only go so far.